The Postfix SMTP server maintains a record of SMTP conversations for debugging purposes. Depending on local configuration details this record is mailed to the postmaster whenever an SMTP session terminates with errors. During code maintenance, a stupid error was introduced due to which the SMTP session log could grow to an unreasonable size. This stupid error made the Postfix SMTP server vulnerable to a memory exhaustion attack. A similar stupid memory exhaustion vulnerability was found in the qmail SMTP server more than four years ago. This stupid error in qmail was never fixed. The patch below applies to any Postfix release that was issued in the year 2001. Fully patched releases will be made available via the usual web sites listed in www.postfix.org. Wietse Prereq: "Postfix-20010228-pl06" diff -cr ../postfix-20010228-pl06/src/global/mail_version.h ./src/global/mail_version.h *** ../postfix-20010228-pl06/src/global/mail_version.h Sun Nov 4 10:05:58 2001 --- ./src/global/mail_version.h Wed Nov 14 22:44:46 2001 *************** *** 15,21 **** * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" ! #define DEF_MAIL_VERSION "Postfix-20010228-pl06" extern char *var_mail_version; /* LICENSE --- 15,21 ---- * Version of this program. */ #define VAR_MAIL_VERSION "mail_version" ! #define DEF_MAIL_VERSION "Postfix-20010228-pl07" extern char *var_mail_version; /* LICENSE diff -cr ../postfix-20010228-pl06/HISTORY ./HISTORY *** ../postfix-20010228-pl06/HISTORY Sun Nov 4 10:35:50 2001 --- ./HISTORY Wed Nov 14 22:44:22 2001 *************** *** 5153,5155 **** --- 5153,5160 ---- exist. The behavior is now consistent: treat non-existant DN's in a special result attribute expansion the same as DN's with no attribute. LaMont Jones, HP. + + 20011114 + + Bugfix: reset the smtpd command transaction log between + deliveries. File: smtpd/smtpd.c. diff -cr ../postfix-20010228-pl06/src/smtpd/smtpd.c ./src/smtpd/smtpd.c *** ../postfix-20010228-pl06/src/smtpd/smtpd.c Tue May 1 12:43:22 2001 --- ./src/smtpd/smtpd.c Wed Nov 14 22:25:28 2001 *************** *** 988,993 **** --- 988,1005 ---- state->where = SMTPD_AFTER_DOT; /* + * Notify the postmaster if there were errors. This usually indicates a + * client configuration problem, or that someone is trying nasty things. + * Either is significant enough to bother the postmaster. XXX Can't + * report problems when running in stand-alone mode: postmaster notices + * require availability of the cleanup service. + */ + if (state->history != 0 && state->client != VSTREAM_IN + && (state->error_mask & state->notify_mask)) + smtpd_chat_notify(state); + smtpd_chat_reset(state); + + /* * Cleanup. The client may send another MAIL command. */ mail_reset(state);